Computer Security
Principles and Practice
Fifth Edition
William Stallings
Lawrie Brown
UNSW Canberra at the Australian Defence Force Academy
Content Management: Tracy Johnson
Content Production: Dr Rajul Jain
Product Management: Tracy Johnson
Product Marketing: Krista Clark and Wayne Stevens
Rights and Permissions: Chandan Kumar
Please contact https://support.pearson.com/getsupport/s/
with any queries on this content.
Cover Image by ra2studio/123RF.
Microsoft and/or its respective suppliers make no
representations about the suitability of the information
contained in the documents and related graphics published
as part of the services for any purpose. All such documents
and related graphics are provided “as is” without warranty of
any kind. Microsoft and/or its respective suppliers hereby
disclaim all warranties and conditions with regard to this
information, including all warranties and conditions of
merchantability, whether express, implied or statutory,
fitness for a particular purpose, title and non-infringement. In
no event shall Microsoft and/or its respective suppliers be
liable for any special, indirect or consequential damages or
any damages whatsoever resulting from loss of use, data or
profits, whether in an action of contract, negligence or other
tortious action, arising out of or in connection with the use or
performance of information available from the services.
Changes are periodically added to the information herein.
Microsoft and/or its respective suppliers may make
improvements and/or changes in the product(s) and/or the
program(s) described herein at any time. Partial screen shots
may be viewed in full within the software version specified.
Unless otherwise indicated herein, any third-party
trademarks, logos, or icons that may appear in this work are
the property of their respective owners, and any references
to third-party trademarks, logos, icons, or other trade dress
are for demonstrative or descriptive purposes only. Such
references are not intended to imply any sponsorship,
endorsement, authorization, or promotion of Pearson’s
products by the owners of such marks, or any relationship
between the owner and Pearson Education, Inc., or its
affiliates, authors, licensees, or distributors.
LC record available at https://lccn.loc.gov/2023000040
ISBN-10: 0-13-809167-6
ISBN-13: 978-0-13-809167-5
For my loving wife, Tricia
—WS
To my extended family and friends, who helped make this all possible
—LB
Pearson’s Commitment to Diversity, Equity,
and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity, depth, and
breadth of all learners’ lived experiences.
We embrace the many dimensions of diversity, including but not limited to race, ethnicity,
gender, sex, sexual orientation, socioeconomic status, ability, age, and religious or political
beliefs.
Education is a powerful force for equity and change in our world. It has the potential to
deliver opportunities that improve lives and enable economic mobility. As we work with
authors to create content for every product and service, we acknowledge our responsibility to
demonstrate inclusivity and incorporate diverse scholarship so that everyone can achieve
their potential through learning. As the world’s leading learning company, we have a duty to
help drive change and live up to our purpose to help more people create a better life for
themselves and to create a better world.
Accessibility
We are also committed to providing products that are fully accessible to all learners. As per
Pearson’s guidelines for accessible educational Web media, we test and retest the capabilities
of our products against the highest standards for every release, following the WCAG
guidelines in developing new products for copyright year 2022 and beyond.
Contact Us
While we work hard to present unbiased, fully accessible content, we want to hear from you
about any concerns or needs with this Pearson product so that we can investigate and address
them.
For accessibility-related issues, such as using assistive technology with Pearson products,
alternative text requests, or accessibility documentation, email the Pearson Disability Support
team at disability.support@pearson.com
Preface
What’s New in the Fifth Edition
Since the fourth edition of this book was published, the field has seen continued innovations
and improvements. In this new edition, we try to capture these changes while maintaining a
broad and comprehensive coverage of the entire field. There have been a number of
refinements to improve pedagogy and user-friendliness, updated references, and mention of
recent security incidents, along with a number of more substantive changes throughout the
book. The most noteworthy of these changes include:
• The ChaCha20 stream cipher: Chapter 20 includes a new section with details of the
ChaCha20 stream cipher, replacing details of the now deprecated RC4 cipher.
• Galois Counter Mode: Appendix E now includes details of the new Galois Counter
authenticated encryption mode of use for block ciphers.
Background
Interest in education in computer security and related topics has been growing at a dramatic
rate in recent years. This interest has been spurred by a number of factors, two of which stand
out:
Objectives
The objective of this book is to provide an up-to-date survey of developments in computer
security. Central problems that confront security designers and security administrators
include defining the threats to computer and network systems, evaluating the relative risks of
these threats, and developing cost-effective and user-friendly countermeasures.
• Principles: Although the scope of this book is broad, there are a number of basic
principles that appear repeatedly as themes and that unify this field. Examples are
issues relating to authentication and access control. The book highlights these
principles and examines their application in specific areas of computer security.
• Design approaches: The book examines alternative approaches to meeting specific
computer security requirements.
• Standards: Standards have come to assume an increasingly important, indeed
dominant, role in this field. An understanding of the current status and future direction
of technology requires a comprehensive discussion of the related standards.
The book is intended for both an academic and a professional audience. As a textbook, it is
intended as a one- or two-semester undergraduate course for computer science, computer
engineering, and electrical engineering majors. This edition is designed to support the
recommendations of the ACM/IEEE Cybersecurity Curricula 2017 (CSEC2017). The
CSEC2017 curriculum recommendation includes eight knowledge areas. Table P.1 shows the
support for these knowledge areas provided in this textbook. It also identifies six
crosscutting concepts that are designed to help students explore connections among the
knowledge areas, and are fundamental to their ability to understand the knowledge area
regardless of the underlying computing discipline. These concepts, which are topics we
introduce in Chapter 1, are as follows:
• Confidentiality: Rules that limit access to system data and information to authorized
persons.
• Integrity: Assurance that the data and information are accurate and trustworthy.
• Availability: The data, information, and system are accessible.
• Risk: Potential for gain or loss.
• Adversarial thinking: A thinking process that considers the potential actions of the
opposing force working against the desired result.
• Systems thinking: A thinking process that considers the interplay between social and
technical constraints to enable assured operations.
Table P.1
Coverage of CSEC2017 Cybersecurity Curricula
• Secure component design
principles
• Supply chain management
security
• Security testing
• Reverse engineering
This text discusses all of these knowledge areas and crosscutting concepts.
This book provides coverage of all the subject areas specified for CISSP (Certified
Information Systems Security Professional) certification. The CISSP designation from the
International Information Systems Security Certification Consortium is often referred
to as the “gold standard” when it comes to information security certification. It is the only
universally recognized certification in the security industry. Many organizations, including
the U.S. Department of Defense and many financial institutions, now require that cyber
security personnel have the CISSP certification. In 2004, CISSP became the first IT program
to earn accreditation under the international standard ISO/IEC 17024 (General Requirements
for Bodies Operating Certification of Persons).
The CISSP examination is based on the Common Body of Knowledge (CBK), a compendium
of information security best practices developed and maintained by , a nonprofit
organization. The CBK is made up of 8 domains that comprise the body of knowledge that is
required for CISSP certification.
The eight domains are as follows, with an indication of where the topics are covered in this
textbook:
• Software development security: Security in the software development lifecycle;
development environment security controls; software security effectiveness; and
acquired software security impact. (Part Two)
This book provides extensive coverage in these foundational areas, as well as coverage of
many of the other technical, nontechnical, and optional Knowledge Units.
The text includes an extensive glossary, a list of frequently used acronyms, and a
bibliography. Each chapter includes homework problems, review questions, a list of key
words, and suggestions for further reading.
Student Resources
For this new edition, a tremendous amount of original supporting material for students is
available online at pearsonhighered.com/stallings. The Companion Website, at
Pearsonhighered.com/cs-resources (search for Stallings).
The major goal of this text is to make it as effective a teaching tool for this exciting and fast-
moving subject as possible. This goal is reflected both in the structure of the book and in the
supporting material. The text is accompanied by the following supplementary material to aid
the instructor:
• Projects manual: Project resources including documents and portable software, plus
suggested project assignments for all of the project categories listed in the following
section
• Solutions manual: Solutions to end-of-chapter Review Questions and Problems
• PowerPoint slides: A set of slides covering all chapters, suitable for use in lecturing
• PDF files: Reproductions of all figures and tables from the book
• Test bank: A chapter-by-chapter set of questions
All of these support materials are available on the Instructor Resource Center (IRC) for this
textbook, which can be reached through the publisher’s Website www.pearsonhighered.com.
To gain access to the IRC, please contact your local Pearson sales representative via
https://www.pearson.com/us/contact-us/find-your-rep.html or call Pearson Faculty Services
at 1-800-922-0579.
• Hacking exercises: Two projects that enable students to gain an understanding of the
issues in intrusion detection and prevention.
• Laboratory exercises: A series of projects that involve programming and
experimenting with concepts from the book.
• Security education (SEED) projects: The SEED projects are a set of hands-on
exercises, or labs, covering a wide range of security topics.
• Research projects: A series of research assignments that instruct the students to
research a particular topic on the Internet and write a report.
• Programming projects: A series of programming projects that cover a broad range
of topics and that can be implemented in any suitable language on any platform.
• Practical security assessments: A set of exercises to examine current infrastructure
and practices of an existing organization.
• Firewall projects: A portable network firewall visualization simulator is provided,
together with exercises for teaching the fundamentals of firewalls.
• Case studies: A set of real-world case studies, including learning objectives, case
description, and a series of case discussion questions.
• Reading/report assignments: A list of papers that can be assigned for reading and
writing a report, plus suggested assignment wording
• Writing assignments: A list of writing assignments to facilitate learning the material.
This diverse set of projects and other student exercises enables the instructor to use the book
as one component in a rich and varied learning experience and to tailor a course plan to meet
the specific needs of the instructor and students. See Appendix A in this book for details.
Acknowledgments
This new edition has benefited from review by a number of people, who gave generously of
their time and expertise. The following professors and instructors reviewed all or a large part
of the manuscript: Bernardo Palazzi (Brown University), Jean Mayo (Michigan
Technological University), Scott Kerlin (University of North Dakota), Philip Campbell (Ohio
University), Scott Burgess (Humboldt State University), Stanley Wine (Hunter
College/CUNY), and E. Mauricio Angee (Florida International University).
Thanks also to the many people who provided detailed technical reviews of one or more
chapters: Umair Manzoor (UmZ), Adewumi Olatunji (FAGOSI Systems, Nigeria), Rob
Meijer, Robin Goodchil, Greg Barnes (Inviolate Security LLC), Arturo Busleiman (Buanzo
Consulting), Ryan M. Speers (Dartmouth College), Wynand van Staden (School of
Computing, University of South Africa), Oh Sieng Chye, Michael Gromek, Samuel
Weisberger, Brian Smithson (Ricoh Americas Corp, CISSP), Josef B. Weiss (CISSP),
Robbert-Frank Ludwig (Veenendaal, ActStamp Information Security), William Perry,
Daniela Zamfiroiu (CISSP), Rodrigo Ristow Branco, George Chetcuti (Technical Editor,
TechGenix), Thomas Johnson (Director of Information Security at a banking holding
company in Chicago, CISSP), Robert Yanus (CISSP), Rajiv Dasmohapatra (Wipro Ltd), Dirk
Kotze, Ya’akov Yehudi, and Stanley Wine (Adjunct Lecturer, Computer Information
Systems Department, Zicklin School of Business, Baruch College).
Dr. Lawrie Brown would first like to thank Bill Stallings for the pleasure of working with
him to produce this text. I would also like to thank my colleagues in the School of
Engineering and Information Technology, UNSW Canberra at the Australian Defence Force
Academy for their encouragement and support. In particular, thanks to Gideon Creech,
Edward Lewis, and Ben Whitham for discussion and review of some of the chapter content.
Finally, we would like to thank the many people responsible for the publication of the book,
all of whom did their usual excellent job. This includes the staff at Pearson, particularly our
editor Tracy Johnson, with support from Carole Snyder, Erin Sullivan, and Rajul Jain. Also
Mahalakshmi Usha and the team at Integra for their support with the production of the book.
Thanks also to the marketing and sales staffs at Pearson, without whose efforts this book
would not be in front of you.
Notation
Symbol Expression Meaning
D, K Symmetric decryption of ciphertext Y using secret key K
Asymmetric decryption of ciphertext Y using A’s private key
Asymmetric decryption of ciphertext Y using A’s public key
E, K Symmetric encryption of plaintext X using secret key K
Asymmetric encryption of plaintext X using A’s private key
K Secret key
Logical OR: x OR y
X Query set of C, the set of records satisfying C
x concatenated with y